What is the name of your state (only U.S. law)? Florida
On Sunday I posted a rant on this issue, but I was not in the proper frame of mind so I deleted it and I am looking at it more clearly.
So in 2010 I was asked to participate in a scam to defraud my company, when I reported it I was informed being it was just talk no one did anything wrong. The added stress and anxiety in breaking trust with someone I considered a father figure or risking my livelihood literally caused a psychotic break when I finally reported it as an ethics issue and broke on the spot. Yes I know I was too emotional y invested! Upon return, I was moved to another building, isolated, left out routine decision making meetings which I participated in, there is a lot more but not worth the time.
So I am cc'ed on an email informing senior management that the workload was getting too much and we need to contract work out. Again I was asked to participate which I declined. Overtime I come to find the new vendor was the son of the same person who I reported the ethics issue on. So when asked to share data with the vendor I informed the person I am uncomfortable in doing so because I am not aware of any NDA, the response is one went out, so I informed this person I will send him the data so he can review it and he can forward it on to the vendor, so all data exchange goes through him and I am not sharing information with the vendor directly. I informed HR that based on policy this is a conflict of interest and knowing the person I am confident shortcuts were taken. I check the whois on the vendor site and it is registered to the persons personal home address, which I printed an supplied to HR. I inform HR that I m uncomfortable sharing any information with the vendor because I suspect no NDA is in place. The investigation takes all of one day and the response was there is no issue everything is in order and management is okay with it. Fine, fearing of the the reprisal I break on the spot and require medical assistance in leaving the work place and take to the hospital.
So four years go by, being abused by this person, harassed and my attitude towards a company I loved was now hate and I am in routine treatment for my behavior issue because for me it was very traumatic. Changes occurred where the person who I reported leaves with some other pretty high decision makers of the business.
About two weeks ago I am doing a search on the Internet and there I find a vendor site where the project document that was created by the person I reported and along with what can we consider confidential/sensitive information, all under a different vendor name but was the same contact information person we were dealing with, in one of the screen shots there it is, stating created by such and such (the same vendor name that I expressed concerned about) . Being it is the same HR person that I am reporting this to, I do my home work, confirmed no nda with the current vendor hosting the information and btw we do no business with, find there was no NDA for the original vendor, no qualification was done, no background check and top it off the representatives were given remote access capabilities allowing them access to personal information which based on the NCLS definition would require notifying individuals who maybe at risk as this should constitute a data breach.
Similar to lawsuits under EEOC, the results of harassment and retribution in reporting the actions that violated laws such a data breaches can now be factually proven, do I have legal ground being the harassment and retribution resulted in a psychotic break? Being that the actions were 2010-2013 and now in 2014 fact proven it was violation of law. Being I thought this was always the case but never thought the person would be stupid enough to post stuff word for word, I have every email from 2010 through current printed and in my possession.
Being that unauthorized people had access to data that would require notifications if breached, are notifications still required if I can not prove they accessed the members information? Meaning that they were granted rights to a database that had more than member information but I can not prove they used the members table in the development of a software solution?
On Sunday I posted a rant on this issue, but I was not in the proper frame of mind so I deleted it and I am looking at it more clearly.
So in 2010 I was asked to participate in a scam to defraud my company, when I reported it I was informed being it was just talk no one did anything wrong. The added stress and anxiety in breaking trust with someone I considered a father figure or risking my livelihood literally caused a psychotic break when I finally reported it as an ethics issue and broke on the spot. Yes I know I was too emotional y invested! Upon return, I was moved to another building, isolated, left out routine decision making meetings which I participated in, there is a lot more but not worth the time.
So I am cc'ed on an email informing senior management that the workload was getting too much and we need to contract work out. Again I was asked to participate which I declined. Overtime I come to find the new vendor was the son of the same person who I reported the ethics issue on. So when asked to share data with the vendor I informed the person I am uncomfortable in doing so because I am not aware of any NDA, the response is one went out, so I informed this person I will send him the data so he can review it and he can forward it on to the vendor, so all data exchange goes through him and I am not sharing information with the vendor directly. I informed HR that based on policy this is a conflict of interest and knowing the person I am confident shortcuts were taken. I check the whois on the vendor site and it is registered to the persons personal home address, which I printed an supplied to HR. I inform HR that I m uncomfortable sharing any information with the vendor because I suspect no NDA is in place. The investigation takes all of one day and the response was there is no issue everything is in order and management is okay with it. Fine, fearing of the the reprisal I break on the spot and require medical assistance in leaving the work place and take to the hospital.
So four years go by, being abused by this person, harassed and my attitude towards a company I loved was now hate and I am in routine treatment for my behavior issue because for me it was very traumatic. Changes occurred where the person who I reported leaves with some other pretty high decision makers of the business.
About two weeks ago I am doing a search on the Internet and there I find a vendor site where the project document that was created by the person I reported and along with what can we consider confidential/sensitive information, all under a different vendor name but was the same contact information person we were dealing with, in one of the screen shots there it is, stating created by such and such (the same vendor name that I expressed concerned about) . Being it is the same HR person that I am reporting this to, I do my home work, confirmed no nda with the current vendor hosting the information and btw we do no business with, find there was no NDA for the original vendor, no qualification was done, no background check and top it off the representatives were given remote access capabilities allowing them access to personal information which based on the NCLS definition would require notifying individuals who maybe at risk as this should constitute a data breach.
Similar to lawsuits under EEOC, the results of harassment and retribution in reporting the actions that violated laws such a data breaches can now be factually proven, do I have legal ground being the harassment and retribution resulted in a psychotic break? Being that the actions were 2010-2013 and now in 2014 fact proven it was violation of law. Being I thought this was always the case but never thought the person would be stupid enough to post stuff word for word, I have every email from 2010 through current printed and in my possession.
Being that unauthorized people had access to data that would require notifications if breached, are notifications still required if I can not prove they accessed the members information? Meaning that they were granted rights to a database that had more than member information but I can not prove they used the members table in the development of a software solution?
